Original request:
> Dear Managers,
>
> After upgrading to 4.1.3_U1 we have found that the environment variable
> LD_LIBRARY_PATH gets undefined after an su to another user. This doesn't
> seem to be mentioned anywhere - I can only assume it's intended as a
> security "feature" rather than a bug. Obviously it is easy to workaround,
> but I'd sooner install the patch if there is one. Our maintenance
> company (Intergraph) are being typically unhelpful. Any info would be
> appreciated.
>
I had a number of responses, some of which were "use su -" (I did say
it was obvious to workaround), and some of which pointed out the security
implications (which I'd guessed) which meant that any setuid program
could be compromised by faking the appropriate library. It looks as if
this is an intended security fix - it just would have been nice if Sun had
bothered to mention it...
We shall get round it by defining the LD_LIBRARY_PATH in the central .cshrc
rather than the central .login.
Thanks to the following:
Tom Reingold <tommy@big.att.com>
craven@cg.emr.ca (Jim Craven)
bownes@lucas.emi.com (Bownes)
Casper Dik <casper@fwi.uva.nl>
Mike Raffety <mike_raffety@il.us.swissbank.com>
chip@eniac.seas.upenn.edu (Charles H. Buchholtz)
Kim Culhan <kimc@w8hd.org>
(Philip Guenther) <guenther@stolaf.edu>
epl@Kodak.COM (Gene Loriot (epl@Caps.Kodak.COM.))
***********************************************************************
* Andrew Beckett * *
* Senior Design Engineer * *
* Fujitsu Microelectronics Ltd * *
* Highway House * phone : (0628) 71116 *
* Norreys Drive * fax : (0628) 773990 *
* Maidenhead. Berks SL6 4BW * email : a.beckett@fmlrnd.co.uk *
***********************************************************************
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:00 CDT